Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cmcl2!adm!smoke!gwyn
From: gwyn@smoke.brl.mil (Doug Gwyn)
Newsgroups: comp.unix.questions
Subject: Re: password aging
Message-ID: <15448@smoke.brl.mil>
Date: 11 Mar 91 21:20:01 GMT
References: <1991Mar11.185411.2414@ssd.kodak.com>
Distribution: na
Organization: U.S. Army Ballistic Research Laboratory (BRL), APG, MD.
Lines: 22

In article <1991Mar11.185411.2414@ssd.kodak.com>, dcox@ssd.kodak.com (Don Cox) writes:
> System type: Sun4/280, SunOS4.1.1
> I am looking for a script that I can implement on my system that will
> prompt the users to change their password every xx days.  Thanks.

I would be surprised if SunOS 4.1.1 did not already support password
aging using a somewhat different mechanism.  The usual scheme, added
in some long-past release of UNIX System V, tacks an extra subfield
onto the password in /etc/passwd, using a comma delimiter between the
subfields.  The aging information is contained in the new subfield.
Presumably this is explained somewhere in the manual, if it is
supported.

It is probably also worth noting that in most cases, forcing a change
of password periodically actually reduces system security, rather than
enhancing it as is probably the intention.  Unless a password is
compromised, if it was secure in the first place there is no reason
not to stick with it.

Note also that SunOS 4.x supports "shadow" passwd and group files,
which hide the encrypted passwords, preventing use of password-
cracking programs.  I highly recommend using this feature.